Insomnia Security unveils new assurance service

AUCKLAND - February 7, 2014 - Insomnia
Security, a leading Australasian supplier of highly
specialised information security consultancy services,
announced today a new service that will help ensure an
organisation’s operational security capability gaps are
identified, and assist in the design and implementation of
effective detection capability and attack
countermeasures.

Insomnia Security’s new Capability
Driven Testing (CDT) service is more focused and structured
than other more ‘traditional’ assurance testing, such as
penetration or Red Team testing. It is a process-driven
approach, with clear business goals and a greater emphasis
on follow-up capability and education. The result is CDT not
only bolsters an organisations’ security posture, but also
provides performance metrics to key stakeholders, thereby
demonstrating ROI on infrastructure assets (auto-detection
capability, antivirus systems, incident response competency,
etc.).

“More traditional security assurance services
concentrate on trying to access an organisation’s internal
network,” said Brett Moore, founder and Managing Director
of Insomnia Security. “But CDT takes this to another
level. It assumes an attacker has already gotten into your
network, and asks: ‘Would you be able to detect them?’
This is where an organisation’s operational teams will be
tested at varying levels, depending on their current skill
levels, and the organisation’s detection capability, of
course.”

CDT Service Lead Mark Piper added: “CDT tests
an organisation’s detection capability from the point of
view of an unsophisticated attacker using common 'off the
shelf' tools and techniques, right through to representing a
state-sponsored group with access to private tools, 0day
exploits, and sophisticated malware.”

Insomnia Security
felt that, given today's more business-orientated attacks,
organisations relying solely on the more traditional
defences of firewalls, antivirus, and the like, are not
addressing the real world risks faced by those doing
business today. Their answer to the recent trend for more
targeted attacks aimed directly at an organisation's
bottom-line, was CDT. A carefully crafted, fully
customisable approach, designed from the outset to
explicitly test an organisation's operational security
capabilities right across the
board.

Prime Minister John Key says it is “not the government’s preferred option” to make a fresh capital injection into the troubled state-owned coal miner, Solid Energy, but dodged journalists’ questions at his weekly press conference on whether that might prove necessary... More>>

NZCU Baywide says that once it was found to have committed a breach of a former staff member’s privacy, it had attempted to resolve the matter... the censure and remedies for its actions taken almost three years ago are “severe” but accepted, and will hopefully draw a line under the matter. More>>

PayPal has ceased processing payments for Mega, the file storage and encryption firm looking to join the New Zealand stock market via a reverse listing of TRS Investments, amid claims it is not a legitimate cloud storage service. More>>

The New Zealand government's operating deficit was smaller than expected in the first six months of the financial year, as the consumption and corporate tax take rose ahead of forecast in December, having lagged estimates in previous months. More>>